
NAT simulation finally

  • Full cone
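# Full cone: map port $P on the external interface 1:1 to the internal host.
# Requires EXTIF (external interface) and P (port) to be set by the caller;
# abort with a message rather than running iptables with missing arguments.
: "${EXTIF:?set EXTIF to the external interface}"
: "${P:?set P to the port being mapped}"
# Outbound: rewrite the internal source to the public address
# (-A was missing; iptables needs an explicit command before the chain name).
iptables -t nat -A POSTROUTING -o "$EXTIF" -p tcp --sport "$P" -j SNAT --to-source 192.168.2.170
# udp rule previously pointed at 92.168.2.170 (typo); both protocols use the same public address.
iptables -t nat -A POSTROUTING -o "$EXTIF" -p udp --sport "$P" -j SNAT --to-source 192.168.2.170
# Inbound: any external source reaching $P is forwarded to the internal host.
# No filter rule restricts the sender, which is what makes this "full cone".
iptables -t nat -A PREROUTING -i "$EXTIF" -p tcp --dport "$P" -j DNAT --to-destination 10.0.0.1
iptables -t nat -A PREROUTING -i "$EXTIF" -p udp --dport "$P" -j DNAT --to-destination 10.0.0.1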
  • Address restricted
  • # previous rules 
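    # Address restricted: same NAT mapping as full cone, plus filter rules so
    # only peers the internal host has already talked to get through.
    # Requires EXTIF (external interface) and P (port) to be set by the caller.
    : "${EXTIF:?set EXTIF to the external interface}"
    : "${P:?set P to the port being mapped}"
    # NAT mapping (-A was missing; iptables needs an explicit command before the chain name).
    iptables -t nat -A POSTROUTING -o "$EXTIF" -p tcp --sport "$P" -j SNAT --to-source 192.168.2.170
    # udp rule previously pointed at 92.168.2.170 (typo); both protocols use the same public address.
    iptables -t nat -A POSTROUTING -o "$EXTIF" -p udp --sport "$P" -j SNAT --to-source 192.168.2.170
    iptables -t nat -A PREROUTING -i "$EXTIF" -p tcp --dport "$P" -j DNAT --to-destination 10.0.0.1
    iptables -t nat -A PREROUTING -i "$EXTIF" -p udp --dport "$P" -j DNAT --to-destination 10.0.0.1
    # FILTER rules to drop, rather than forward, new connections.
    # NOTE(review): packets DNAT'd to 10.0.0.1 traverse the FORWARD chain, not
    # INPUT; rules in INPUT only affect traffic addressed to the gateway itself.
    # Confirm which chain is intended, otherwise the mapping stays full cone.
    # NOTE(review): conntrack's ESTABLISHED state for UDP is keyed on address
    # and port, so this is likely closer to port-restricted than
    # address-restricted behaviour — verify against the intended model.
    # Accept already established connections (only needed if default policy is not ACCEPT).
    iptables -A INPUT -i "$EXTIF" -p tcp --dport "$P" -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -i "$EXTIF" -p udp --dport "$P" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Drop everything else (only needed if default policy is not DROP).
    iptables -A INPUT -i "$EXTIF" -p tcp --dport "$P" -m state --state NEW -j DROP
    iptables -A INPUT -i "$EXTIF" -p udp --dport "$P" -m state --state NEW -j DROP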
    
  • Port restricted
  • # previous rules 
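    # Port restricted: same NAT mapping as full cone, plus filter rules that
    # additionally match the peer's source port.
    # Requires EXTIF (external interface) and P (port) to be set by the caller.
    : "${EXTIF:?set EXTIF to the external interface}"
    : "${P:?set P to the port being mapped}"
    # NAT mapping (-A was missing; iptables needs an explicit command before the chain name).
    iptables -t nat -A POSTROUTING -o "$EXTIF" -p tcp --sport "$P" -j SNAT --to-source 192.168.2.170
    # udp rule previously pointed at 92.168.2.170 (typo); both protocols use the same public address.
    iptables -t nat -A POSTROUTING -o "$EXTIF" -p udp --sport "$P" -j SNAT --to-source 192.168.2.170
    iptables -t nat -A PREROUTING -i "$EXTIF" -p tcp --dport "$P" -j DNAT --to-destination 10.0.0.1
    iptables -t nat -A PREROUTING -i "$EXTIF" -p udp --dport "$P" -j DNAT --to-destination 10.0.0.1
    # FILTER rules to drop, rather than forward, new connections.
    # NOTE(review): packets DNAT'd to 10.0.0.1 traverse the FORWARD chain, not
    # INPUT; rules in INPUT only affect traffic addressed to the gateway itself.
    # Confirm which chain is intended, otherwise the mapping stays full cone.
    # Accept already established connections from the matching source port
    # (only needed if default policy is not ACCEPT).
    iptables -A INPUT -i "$EXTIF" -p tcp --sport "$P" --dport "$P" -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -i "$EXTIF" -p udp --sport "$P" --dport "$P" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Drop everything else (only needed if default policy is not DROP).
    iptables -A INPUT -i "$EXTIF" -p tcp --dport "$P" -m state --state NEW -j DROP
    iptables -A INPUT -i "$EXTIF" -p udp --dport "$P" -m state --state NEW -j DROP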
    
  • Symmetric
  • # no other rules are required for this.  
    # Symmetric: masquerade everything the internal host sends out of $EXTIF;
    # MASQUERADE uses the outgoing interface's address as the new source.
    # Inserted at the head of POSTROUTING so it takes precedence over later rules.
    iptables -t nat -I POSTROUTING -s 10.0.0.1 -o "$EXTIF" -j MASQUERADE